-
Notifications
You must be signed in to change notification settings - Fork 708
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow to install kubeapps in several namespaces #508
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you!
``` | ||
|
||
The command removes all the Kubernetes components associated with the chart and deletes the release. | ||
The first command removes most of the Kubernetes components associated with the chart and deletes the release. After that, if there are no more instances of Kubeapps in the cluster you can manually delete the `apprepositories.kubeapps.com` CRD used by Kubeapps that is shared for the entire cluster. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd make it more explicit that if you delete the CRD you will break other instances of Kubeapps running in the same cluster.
@@ -1,7 +1,10 @@ | |||
{{- if not (.Capabilities.APIVersions.Has "kubeapps.com/v1alpha1") -}} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would you mind adding a comment mentioning that this might have happened if another instance of kubeapps has been installed.
- kubeapps.com | ||
resources: | ||
- apprepositories | ||
verbs: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you need all these verbs?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nope, only list
and delete
@@ -0,0 +1,47 @@ | |||
{{- if .Values.rbac.create -}} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ditto previous comment about adding some context on why this this job is needed in a comment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
added in all the cleanup
related files.
docs/user/access-control.md
Outdated
|
||
``` | ||
kubectl apply -f - << EOF |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe for a first version it might make sense to store these yaml in the repo so it can be easier installed via kubectl create -f 'http://github.com/foobar.yaml'
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like having the role definition here because it's more verbose and users won't be applying them blindly. Also we'd avoid possible broken links if we move/delete those files from the repo.
In any case, if you think it's a price worth to pay for the simplicity it provides I am fine as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
rethinking about this, having a file is more windows-friendly (I don't think the << EOF
works there)
docs/user/access-control.md
Outdated
@@ -60,10 +73,28 @@ available in most Kubernetes distributions, you can find more information about | |||
that role | |||
[here](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles). | |||
|
|||
Apart from that role we need to create an additional one to have read access to the app repositories. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd put the creation of the repositories-read role just after this sentence since you set the stage.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apart from that role we need to create an additional one to have read access to the app repositories.
Additionally, we need to create a role to give read access to App Repositories and bind it to our service account.
docs/user/access-control.md
Outdated
- clusterserviceplans | ||
verbs: | ||
- list | ||
EOF |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I definitely think that we need to extract these yamls to external files since these documentation is becoming too dense.
In the meantime I'd add spaces and comments between the different steps.
waiting for @prydonius's input here |
chart/kubeapps/README.md
Outdated
The command removes all the Kubernetes components associated with the chart and deletes the release. | ||
The first command removes most of the Kubernetes components associated with the chart and deletes the release. After that, if there are no more instances of Kubeapps in the cluster you can manually delete the `apprepositories.kubeapps.com` CRD used by Kubeapps that is shared for the entire cluster. | ||
|
||
> **NOTE**: If you delete the CRD for `apprepositories.kubeapps.com` it will delete the repositories for **all** the installed instances of `kubeapps`. That'll break existing installations of `kubeapps` if they exist. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That'll -> This will
metadata: | ||
name: {{ template "kubeapps.apprepository-jobs-cleanup.fullname" . }} | ||
annotations: | ||
helm.sh/hook: pre-delete |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should this be post-delete? What if deletion fails?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, it will fit better in the post-delete hook
@@ -0,0 +1,47 @@ | |||
{{- if .Values.rbac.create -}} | |||
# The cleanup job is necessary to remove "apprepositories" created |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we need this comment here, just in the Job
@@ -0,0 +1,15 @@ | |||
# The cleanup job is necessary to remove "apprepositories" created |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we need this comment here, just in the Job
@@ -0,0 +1,47 @@ | |||
# The cleanup job is necessary to remove "apprepositories" created | |||
# in the bootstrap job or in the web application |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would make this comment simpler, e.g.: "Clean up the AppRepository resources used by this Kubeapps instance"
docs/user/access-control.md
Outdated
@@ -60,10 +73,28 @@ available in most Kubernetes distributions, you can find more information about | |||
that role | |||
[here](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles). | |||
|
|||
Apart from that role we need to create an additional one to have read access to the app repositories. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apart from that role we need to create an additional one to have read access to the app repositories.
Additionally, we need to create a role to give read access to App Repositories and bind it to our service account.
metadata: | ||
name: {{ template "kubeapps.apprepository-jobs-cleanup.fullname" . }} | ||
annotations: | ||
helm.sh/hook: pre-delete |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@andresmgot I think this should be post-delete right? I'll make a PR: #530
Fixes #463